April 14, 2011

‘Coreflood’ Network Shut Down

by ssavage

The FBI and Justice Department announced Wednesday they have disabled a huge network of virus-infected computers used by cyber criminals to steal passwords and financial data.

In a joint statement, the agencies said the network, operating as the "Coreflood" botnet, is believed to have been in operation for nearly ten years and could have been behind infections of more than two million computers worldwide.

Charges of wire fraud, bank fraud and illegal interception of electronic communications were filed against 13 suspects in the case. Five computer servers and 29 Internet domain names were seized as part of the operation.

Authorities described the takedown as the "most complete and comprehensive enforcement action ever taken by US authorities to disable an international botnet."

US, Spanish and Slovenian law enforcement agencies last July announced the arrest of the suspected creator of the "Mariposa Botnet," which was believed to have infected as many as 12 million computers globally.

In the new case, Coreflood, which exploited vulnerabilities in computers running Microsoft's Windows operating systems, stole usernames, passwords and other personal information, US officials told AFP in a statement.

"The seizure of the Coreflood servers and Internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes," said US attorney David Fein.

"These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure," said Shawn Henry of the FBI's Criminal, Cyber, Response and Services Branch.